[LNMP] Centos8 编译安装 Nginx

Nginx (engine x) 是一个高性能的HTTP和反向代理web服务器，同时也提供了IMAP/POP3/SMTP服务。

相关文章

• [LNMP] Centos8 编译安装 PHP 8.0 并启用 JIT
• [LNMP] Centos8 安装 MySQL
• [LNMP] Centos8 编译安装 Redis 及 phpredis 扩展

更新系统

更新系统软件包至最新版本

yum update

下载 Nginx 源码包

从 nginx:downloads 下载最新 PHP 源码包

wget http://nginx.org/download/nginx-1.19.5.tar.gz
tar -xvzf nginx-1.19.5.tar.gz
cd nginx-1.19.5

下载 ngx_http_substitutions_filter_module 模块

yum install git
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git

安装编译组件

安装编译组件 make 和 gcc 和 g++

yum install gcc gcc-c++ make

安装依赖组件

yum -y install zlib zlib-devel openssl openssl-devel pcre pcre-devel

编译

使用 configure 自动配置

./configure \
--prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib64/nginx/modules \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--http-client-body-temp-path=/var/cache/nginx/client_temp \
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
--user=www \
--group=www \
--with-compat \
--with-file-aio \
--with-threads \
--with-http_addition_module \
--with-http_auth_request_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_mp4_module \
--with-http_random_index_module \
--with-http_realip_module \
--with-openssl-opt=enable-tls1_3 \
--with-http_secure_link_module \
--with-http_ssl_module \
--with-http_slice_module \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_sub_module \
--with-http_v2_module \
--with-mail \
--with-mail_ssl_module \
--with-stream \
--with-stream_realip_module \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' \
--with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie' \
--add-module=/root/nginx-1.19.5/ngx_http_substitutions_filter_module

使用 make 编译

make -j4

-j4 表示四线程编译，推荐设置为 CPU 核心数

使用 make 安装

make install

配置

nginx 的配置文件在 /etc/nginx 目录下

创建 www 用户

useradd www

编辑 nginx.conf

编辑文件 nginx.conf

cd /etc/nginx
vim nginx.conf

修改为

user  www;
worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    keepalive_timeout  65;

    gzip  on;
    gzip_vary on;
    gzip_comp_level 6;
    gzip_buffers 32 4k;

    server_tokens off;

    include /etc/nginx/conf.d/*.conf;
}

创建站点

mkdir conf.d
cd conf.d

以本博客的 blog.conf 为例

server {
    listen       80;    
    server_name  limstash.com;
    client_max_body_size 512M;
    return 301 https://limstash.com$request_uri;
}

server {
    listen       443 ssl http2;

    server_name  limstash.com;

    root /www/wwwroot/blog;
    index index.htm index.html index.php;

    ssl_certificate      /etc/nginx/ssl/limstash.com/fullchain.cer;
    ssl_certificate_key  /etc/nginx/ssl/limstash.com/limstash.com.key;
    ssl_protocols        TLSv1.2 TLSv1.3;
    ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers  on;
    ssl_session_cache    shared:SSL:10m;
    ssl_session_timeout  10m;

    client_max_body_size 512M;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;";

    return 301 https://www.limstash.com$request_uri;
}

server {
    listen       80;
    listen       443 ssl http2;

    server_name  www.limstash.com;

    root /www/wwwroot/blog;
    index index.htm index.html index.php;

    ssl_certificate      /etc/nginx/ssl/limstash.com/fullchain.cer;
    ssl_certificate_key  /etc/nginx/ssl/limstash.com/limstash.com.key;
    ssl_protocols        TLSv1.2 TLSv1.3;
    ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers  on;
    ssl_session_cache    shared:SSL:10m;
    ssl_session_timeout  10m;
    error_page 497 https://$host$request_uri;

    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }

    client_max_body_size 512M;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;";

    add_header Access-Control-Allow-Origin *;

    set $cache_uri $request_uri;

    # POST requests and urls with a query string should always go to PHP
    if ($request_method = POST) {
            set $cache_uri 'null cache';
    }

    if ($query_string != "") {
            set $cache_uri 'null cache';
    }   

    # Don't cache uris containing the following segments
    if ($request_uri ~* "(/wp-admin/|/manage|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
            set $cache_uri 'null cache';
    }   

    # Don't use the cache for logged in users or recent commenters
    if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in") {
            set $cache_uri 'null cache';
    }


    location / {
            try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args ;
    }

    location ~ ^/wp-content/uploads/.*.php$ {
        rewrite ^(/.*)$ https://$host/404 permanent;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_connect_timeout 600s;
        fastcgi_send_timeout    600s;
        fastcgi_read_timeout    600s;
        fastcgi_pass            127.0.0.1:9000;
        fastcgi_index           index.php;
        fastcgi_param           SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include                 fastcgi_params;
    }

    location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md|readme.html|license.txt)
    {
        rewrite ^(/.*)$ https://$host/404 permanent;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires      30d;
        error_log off;
        access_log off;
    }

    location ~ .*\.(js|css)?$
    {
        expires      12h;
        error_log off;
        access_log off;
    }

    access_log /www/wwwlogs/blog.log;
    error_log  /www/wwwlogs/blog.error.log;
}

注册 nginx 为系统服务

vim /usr/lib/systemd/system/nginx.service

填入

[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID

[Install]
WantedBy=multi-user.target

设置开机自动启动

systemctl enable nginx
systemctl start nginx

查看服务运行状态

systemctl status nginx